115 matches found
CVE-2017-7325
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open...
VulnCheck KEV: CVE-2014-1510
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...
The vulnerability of the Thunderbird email client, which allows a malicious actor to execute arbitrary code
Mozilla Thunderbird’s email client contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, using a fragment of IDL to trigger a...
The vulnerability of the Firefox browser, which allows a malicious actor to execute arbitrary code
The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger the...
The vulnerability of the Firefox ESR browser, which allows a malicious individual to execute arbitrary code
The Mozilla Firefox ESR browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger a...
The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to execute arbitrary code.
Mozilla SeaMonkey software contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger the...
Apache Wicket Cross-Site Scripting Vulnerability (CNVD-2016-02205)
Apache Wicket is the United States Apache Apache Software Foundation , a set of open source , lightweight , component-based framework , which provides an object-oriented way to develop Web-based dynamic UI applications . A cross-site scripting vulnerability exists in Apache Wicket's...
MS IE 4.0/5.0,Outlook 98 0 window.open Redirect Vulnerability
No description provided by source. Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Outlook 98 0 window.open Redirect Vulnerability source: http://www.securityfocus.com/bid/766/info If window.open is called with ...
Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29)
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...
CVE-2014-1510
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...
Mozilla: Privilege escalation using WebIDL-implemented APIs (MFSA 2014-29)
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call...
Race condition
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."...
firefox: URL bar spoofing vulnerability
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls th...
firefox: URL bar spoofing vulnerability
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls th...
Mozilla Products Address Bar Spoofing Vulnerability - Linux
Mozilla Products are prone to an address bar spoofing vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...